EUVD-2026-14339
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...
CVE-2026-4563 MacCMS Member Order Detail User.php order_info authorization
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...
CVE-2025-6593
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...
CVE-2025-6593
CVE-2025-6593 affects Wikimedia Foundation MediaWiki. A remote attacker could entice a user to interact with malicious content in includes/user/User.Php, potentially leading to disclosure of limited sensitive information. Affected versions include MediaWiki 1.27.0 before 1.39.13, 1.42.7–1.43.2, a...
PT-2025-41462
Name of the Vulnerable Software and Affected Versions: Simple Leave Manager version 1.0. Description: A SQL injection issue exists in the Simple Leave Manager 1.0 application. The flaw is located in the /user.php file and stems from improper handling of user-supplied input within the argument table,...
AlienVault Authenticated SQL Injection Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AlienVault Authenticated SQL Injection Arbitrary File Read", 'Description' = %q AlienVault 4.5.0 is susceptible to an authenticated SQL injection...
CVE-2023-3465
A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file user.php of the component HTTP POST Request Handler. The manipulation of the argument title leads to cross site...
Stored Cross-Site Scripting Vulnerability in ASK2 user.php
The ASK2 Q&A system is a product of Beijing Zhengying Network Technology Company. It is an open source PHP Q&A system that integrates a paid Q&A system and a paid voice Q&A system. ASK2 user.php has a stored cross-site scripting vulnerability, because the system fails to strictly filter th...